< Back to rules searchAWS unauthorized activity
Set up the cloudtrail integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Overview
Goal
Detect when unauthorized activity is detected in AWS.
Strategy
This rule lets you monitor CloudTrail to detect when the error message of AccessDenied
is returned.
Triage & Response
- Determine which user in your organization owns the API key that made this API call.
- Contact the user to see if they intended to make this API call.
- If the user did not make the API call:
- Rotate the credentials.
- Investigate if the same credentials made other unauthorized API calls.